fix(starlette): Stop duplicating scope["root_path"] in URLs#6579
Merged
@sentry/warden / warden: find-bugs
completed
Jun 26, 2026
1 issue
find-bugs: Found 1 issue (1 low)
Low
EITHER mode produces double-slash URL when root_path is "/" - `sentry_sdk/integrations/_asgi_common.py:47-50`
In _get_path, when root_path_in_path is EITHER and scope["root_path"] is "/", the guard not root_path or path == root_path or path.startswith(root_path + "/") fails for normal paths: not "/" is False, "/api/users" == "/" is False, and "/api/users".startswith("//") is False. Execution falls through to return root_path + path, yielding "/" + "/api/users" = "//api/users". This produces a malformed URL/transaction name. The ASGI spec says root_path SHOULD NOT end with "/", so this only affects servers that misconfigure root_path as "/" instead of "".
Also found at:
sentry_sdk/integrations/asgi.py:411
⏱ 19m 46s · 3.5M in / 139.7k out · $4.37
Loading